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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Oaf ms: 

Claim 1 . (Currently Amended): A method of detecting a rogue access point by a client 
comprising the steps of: 

directing a packet from a supplicant to a network through an access point; 

receiving a network response packet by the supplicant from the access point; 

determining that .wh e ther the access point is on e of a valid n e twork access point is ono - of 
a-v alid n e twork acc e ss point and- a rogue access point based on whether the network response 
packet received from the access point is r e sp e ctiv e ly in one of conformity and b eing in 
nonconformity with predetcmiined expectations; 

authenticating through a valid access point to the network: and 

reporting the rogue access point to the network through the valid access point , 

Claim 2. (Currently Amended): The method of claim 1 whoroin, if the aooopc point is 
d e termined to bo a valid n e twork qoqogg point , further comprising the step of authenticating the 
supplicant to the network. 

Claims 3 and 4. (Canceled) 

Claim 5. (Original): The method of claim 1 wherein the predetermined expectations comprise 
data traffic conforming with IEEE 802, IX standards. 

Claim 6. (Currently Amended): The method of claim 1 wherein the predetermined expectations 
comprise a mutual authentication to the network, wherein non[[-]]confonmity is determined by a 
failure of the mutual authentication. 

Claim 7. (Original): The method of claim 6 wherein the mutual authentication comprises: 
issuing a challenge from the server to the client; 
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issuing a counter-challenge from the client to the server; 
wherein mutual authentication fails at the counter-challenge since the access 
point's username and password arc not found in the server's database. 

Claim 8. (Original): The method of claim 6 wherein the mutual authentication comprises: 
directing a message containing identity credentials from the supplicant, through the 

access point, to an authentication server; 

validating the identity credentials of the supplicant using the authentication server; 
forwarding a send key from the authentication server to the supplicant through the access 

point; 

independently deriving a session key from the send key and the identity credentials by the 
supplicant and the authentication server; 

encrypting data packets between the supplicant and the authentication server using the 
derived session key. 

Claim 9. (Original): The method of claim 8 wherein the credentials are a username/password 
combination. 

Claim 10. (Original): The method of claim 8 further comprising: 

prior to the step of directing, sending a start message from the supplicant to the access 

point; 

sending an identity request message from the access point to the supplicant; and 
wherein the step of directing a message comprises sending an identity response message 
containing the identity credentials form the supplicant to the access point in response to the 
identity request message, and forwarding the identity response message from the access point to 
the authentication server. 

Claim 11. (Original): The method of claim 10 wherein the authentication server is a RADIUS 
server and wherein the identity response message is in the form of a RADIUS access request, 
wherein the method further comprises the steps of: 
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responding to the RADIUS access request with a RADIUS challenge from the 
authentication server to the supplicant; and responding from the supplicant to the RADIUS 
challenge according to the RADIUS protocol. 

Claim 12. (Original): The method of claim H wherein the steps of validating and forwarding 
comprise sending the supplicant a RADIUS accept message and wherein the send key comprises 
an MS-MPPE-Send-key. 

Claim 13. (Original): The method of claim 8 wherein the step of forwarding a send key 
comprises supplying key length and key index to specify encryption parameters for the session 
key. 

Claim 14. (Original): The method of claim 10 wherein the encryption parameters are based on 
one of a 40/64-bit and a 104/128-bit key. 

Claim 15. (Original): The method of claim 8 further comprising the initial step of configuring 
the supplicant in a device mode where the identity credentials are stored on a network card for 
non-interactive authentication by a user. 

Claim 16. (Original): The method of claim 8 further comprising the initial step of configuring 
the supplicant in a network logon mode where the identity credentials are integrated into a 
network logon to enable a single sign-on for network authentication and PC network logon. 

Claim 17. (Original): The method of claim 8 further comprising the initial step of establishing 

authenticator support comprising: 

configuring the access point to use one of 40/64-bit and 104/128-bit WEP mode; and 
providing the access point with the authentication server address and encryption scheme 

to be used for communication. 

Claim 18, (Original): The method of claim 8 further comprising the initial step of establishing 
the authentication server comprising: 
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setting up a user database selected from at least one of a local database and a network- 
database; and 

setting up the access point as a network access server. 

19. (Original): The method of claim 8 wherein the supplicant, access point and authentication 
server are part of a wireless local area network. 

20. (Original): The method of claim 8 wherein the supplicant, access point and authentication 
server are part of a hard-wired local area network. 

Claim 21. (Currently Amended): A n arrangomon t client configured with a supplicant for 
detecting a rogue access point comprising: 

means for directing a packet from [[a]]the supplicant to a network through an access 

point; 

means for receiving a network response packet by the supplicant from the access point; 

means for determining whether the access point is on e of a valid network acc e ss point is 
on e of a valid notwork acc e ss point and a rogue access point based on whether t he network 
response packet received from the access point t s - resp e ctiv e ly in ono of oonformity and - b eing in 
nonconformity with predetermined expectations; 

means adapted for reporting the rogue access point throuEh a valid access point that the 
client is able to authe nticate via the means for directing, the means for receiving and the mea ns 
for determining. 

Claim 22. (Currently Amended): The arrangement client of claim 21 further comprising means 
for authenticating the supplicant to the network, if the access point is determined to be a valid 
network access point. 

Claims 23 and 24 (Canceled). 

Claim 25. (Currently Amended): The arrang e ment cHenLof claim 21 wherein the predetermined 
expectations comprise data traffic conforming with IEEE 802. IX standards. 
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Claim 26. (Currently Amended): The arrang o m o nt cHentof claim i wherein the predetermined 
expectations comprise a mutual authentication to the network, wherein non-conformity is 
determined by a failure of the mutual authentication. 



Claim 27. (Currently Amended): The ft ^gem e irt -clignLof claim 21 wherein the means for 
mutual authentication comprises: 

means for directing a message containing identity credentials from the supplicant, 
through the access point, to an authentication server; 

means for validating the identity credentials of the supplicant using the authentication 

server; 

means for forwarding a send key from the authentication server to the supplicant through 
the access point; 

means for independently deriving a session key from the send key and the identity 
credentials by the supplicant and the authentication server; 

means for encrypting data packets between the supplicant and the authentication server 
using the derived session key. 

Claim 28. (Currently Amended): The arrangement cligntof claim 27 wherein the credentials are 
a us emam e/pass word combination. 

Claim 29. (Currently Amended): The arrangement cjigntof claim 27 further comprising: 

prior to tho means for directing, providing m eans for sending a start message from the 

supplicant to the access point prior to the means for directing : 

means for sending an identity request message from the access point to the supplicant; 

and 

wherein the means for directing a message comprises means for sending an identity 
response message containing the identity credentials form the supplicant to the access point in 
response to the identity request message, and means for forwarding the identity response 
message from the access point to the authentication server. 
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30. (Currently Amended): The armrvgeeieirt-cUeaLof claim 29 wherein the 
authentication server is a RADIUS server and wherein the identity response message is in the 
form of a RADIUS access request, wherein the arrangement further comprises: 

means for responding to the RADIUS access request with a RADIUS challenge from the 
authentication server to the supplicant; and means for responding from the supplicant to the 
RADIUS challenge according to the RADIUS protocol. 

Claim 31. (Currently Amended): The arrangomont cUgptof olaim 29 wherein the means for 
validating and forwarding comprise means for sending the supplicant a RADIUS accept message 
and wherein the send key comprises an MS-MPPE-Send-key. 

Claim 32. (Currently Amended): The arrangomont cKgntof claim 27 wherein the means for 
forwarding a send key comprises means for supplying key length and key index to specify 
encryption parameters for the session key. 

Claim 33.. (Currently Amended): The arrangoment cligrtof claim 32 wherein the encryption 
parameters are based on one of a 40/64-bit and a 104/128-bit key. 

Claim 34, (Currently Amended): The Mrangom e n t-clignLof claim 27 wherein the supplicant, 
access point and authentication server are part of a wireless local area network. 

Claim 35. (Currently Amended): The arrangoment cliemof claim 27 wherein the supplicant, 
access point and authentication server are part of a hard-wired local area network. 
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